package io.vertx.ext.eventbus.bridge.tcp;

import io.vertx.core.buffer.Buffer;
import io.vertx.core.net.JksOptions;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: input_file:io/vertx/ext/eventbus/bridge/tcp/SSLKeyPairCerts.class */
public class SSLKeyPairCerts {
    private static final String SERVER_CERT_SUBJECT = "CN=Vertx Server, OU=Middleware Runtime, O=Red Hat, C=US";
    private static final String CLIENT_CERT_SUBJECT = "CN=Vertx Client, OU=Middleware Runtime, O=Red Hat, C=US";
    private static final String PASSWORD = "wibble";
    private JksOptions serverKeyStore;
    private JksOptions serverTrustStore;
    private JksOptions clientKeyStore;
    private JksOptions clientTrustStore;

    public SSLKeyPairCerts createTwoWaySSL() {
        try {
            KeyPair generateRSAKeyPair = generateRSAKeyPair(2048);
            X509Certificate generateSelfSignedCert = generateSelfSignedCert(SERVER_CERT_SUBJECT, generateRSAKeyPair);
            KeyPair generateRSAKeyPair2 = generateRSAKeyPair(2048);
            X509Certificate generateSelfSignedCert2 = generateSelfSignedCert(CLIENT_CERT_SUBJECT, generateRSAKeyPair2);
            KeyStore emptyJKSStore = emptyJKSStore(PASSWORD);
            emptyJKSStore.setKeyEntry("localserver", generateRSAKeyPair.getPrivate(), PASSWORD.toCharArray(), new Certificate[]{generateSelfSignedCert});
            KeyStore emptyJKSStore2 = emptyJKSStore(PASSWORD);
            emptyJKSStore2.setCertificateEntry("clientcert", generateSelfSignedCert2);
            KeyStore emptyJKSStore3 = emptyJKSStore(PASSWORD);
            emptyJKSStore3.setKeyEntry("localclient", generateRSAKeyPair2.getPrivate(), PASSWORD.toCharArray(), new Certificate[]{generateSelfSignedCert2});
            KeyStore emptyJKSStore4 = emptyJKSStore(PASSWORD);
            emptyJKSStore4.setCertificateEntry("servercert", generateSelfSignedCert);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(512);
            emptyJKSStore.store(byteArrayOutputStream, PASSWORD.toCharArray());
            this.serverKeyStore = new JksOptions().setPassword(PASSWORD).setValue(Buffer.buffer(byteArrayOutputStream.toByteArray()));
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream(512);
            emptyJKSStore2.store(byteArrayOutputStream2, PASSWORD.toCharArray());
            this.serverTrustStore = new JksOptions().setPassword(PASSWORD).setValue(Buffer.buffer(byteArrayOutputStream2.toByteArray()));
            ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream(512);
            emptyJKSStore3.store(byteArrayOutputStream3, PASSWORD.toCharArray());
            this.clientKeyStore = new JksOptions().setPassword(PASSWORD).setValue(Buffer.buffer(byteArrayOutputStream3.toByteArray()));
            ByteArrayOutputStream byteArrayOutputStream4 = new ByteArrayOutputStream(512);
            emptyJKSStore4.store(byteArrayOutputStream4, PASSWORD.toCharArray());
            this.clientTrustStore = new JksOptions().setPassword(PASSWORD).setValue(Buffer.buffer(byteArrayOutputStream4.toByteArray()));
            return this;
        } catch (Exception e) {
            throw new RuntimeException("Cannot generate SSL key pairs and certificates", e);
        }
    }

    private X509Certificate generateSelfSignedCert(String str, KeyPair keyPair) throws Exception {
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(new X500Name(str), BigInteger.ONE, new Date(System.currentTimeMillis() - 2592000000L), new Date(System.currentTimeMillis() + 2592000000L), new X500Name(str), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        x509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(7, "127.0.0.1")));
        AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WithRSAEncryption");
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(x509v3CertificateBuilder.build(new BcRSAContentSignerBuilder(find, new DefaultDigestAlgorithmIdentifierFinder().find(find)).build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()))));
        certificate.checkValidity(new Date());
        certificate.verify(keyPair.getPublic());
        return certificate;
    }

    private KeyPair generateRSAKeyPair(int i) throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(i);
        return keyPairGenerator.genKeyPair();
    }

    private KeyStore emptyJKSStore(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, str.toCharArray());
        return keyStore;
    }

    public JksOptions getServerKeyStore() {
        return this.serverKeyStore;
    }

    public JksOptions getServerTrustStore() {
        return this.serverTrustStore;
    }

    public JksOptions getClientKeyStore() {
        return this.clientKeyStore;
    }

    public JksOptions getClientTrustStore() {
        return this.clientTrustStore;
    }
}
